Disqus Bug Deanonymizes Commenters 151
alphatel writes "The Swedish company Resarchgruppen has discovered a flaw in the Disqus commenting system, enabling them to identify Disqus users by their e-mail addresses. The crack was done in cooperation with the Bonnier Group tabloid Expressen, in order to reveal politicians commenting on Swedish hate speech-sites."
Damn! (Score:1)
Damn, so my anonymous.coward@mailinator.com is compromised?
But seriously, who uses a real email address to register anywhere?
Re: (Score:3, Funny)
I do. (Score:5, Interesting)
Re:I do. (Score:5, Insightful)
You're not the one who gets to decide what is unacceptable; prospective employers do. If employers see something that is, to you, completely innocuous or just a tad embarrassing, and they find it offensive or unacceptable, it's not really going to matter how minor you believe it is. Using your real name is just stupid.
Re: (Score:2, Interesting)
Then maybe, just maybe, you wouldn't want to work for that employer. I have always thought you should be able to stand behind your thoughts and opinions should you chose to share them publicly.
Re: (Score:2)
I was going to post the same sentiment, without the maybe. Of course, your post lost a little credibility, since you posted as AC. ;-)
Re: (Score:1)
Of course :) I just haven't bothered trying to recover my slashdot password ever since the email I used for it expired and I am lazy :)
Re: (Score:2)
When I search for my handle (not this one, this one is ancient and I don't use it anywhere else :P) all I find are things I think I'd want employers to see.
Bug reports and such, discussions about Kerbal Space Program, my photography stuff... all things I would be proud to show off. Yes, I find and report bugs. Yes, when I don't know how to do something, I ask. Yes, I know enough about orbital mechanics to get by. Yes, I can operate a camera and somehow have resisted pointing it at (mine, or otherwise) genit
Re:I do. (Score:5, Funny)
my photography stuff
"Bad news, Sir. Looks like we need to throw the third candidate out."
"Why? He looked the most promising."
"I dug around his Internet postings, and I found something disturbing. He's... he's... a Canon user!"
"*gasp* He got some nerve, apply to for a job at Nikon while owning Canons. Feed him to the hounds immediately."
Re:I do. (Score:5, Informative)
I mean heck, CBC posted a story about a baby chair that lets someone stick an iPad in front of an infant and people are flying off the hinge about how that should be considered reckless endangerment and child services should be involved for anyone using that product. Are those really the kind of people you want showing up at your house because they think they know what's better for your child than you do?
I have a friend in animal control who had to deal with a case where a neighbour went into someone else's backyard and killed their puppy by gouging it's eyes out with his bare hands because he thought tethering it to a stake in the yard was cruel.
Re: (Score:3)
"Off grid gal
The radiation from these things is unbelievable, parents should not even be holding their kids hands when they're on these things...I even have witnessed mothers breast feeding while they hold their smart phones centimeters from their baby's brains!!! We need to wake up out of our techno-haze stupour and get back out into nature, untethered!!"
"globecare
No, they should be banned. Not available. This is a children's r
We want healthy, well developed children. (Score:3)
Don't tell US what kind of children we should have! We'll choose whatever the hell we want! Some of us actually love our little mutants.
Re: (Score:2)
Returning to topic, these are exactly the kinds of people I wouldn't want to accidentally hire.
Re: (Score:2)
Re: (Score:2)
I've had death threats and threats to burn down my house from commenters, not on /., before for simple things like saying abortion is a hot button topic. Not even picking a side, just pointing out people get riled up over it. I'd be willing to stand behind anything I post in a public forum, but I have a wife and child and don't want some overly conservative, overly liberal or someone with an extremist view on some other topic showing up at my house with a molotov cocktail while we're asleep or while I'm away on business. I have no delusions that I'm anonymous and know I *could* be tracked down, but I'm not going to just hand out that info. There are too many crazies out there.
I know of someone who got fired from her job over something she posted on a forum. That particular forum was not viewable to the general public, so it's likely that another forum member outed her, or maybe a boss or cow-orker was a member of that forum. After that, she got her id changed to something other than her realname, but I don't think that will help, since several people there know that newname == realname. The horse is out of the barn.
Re: (Score:1)
What's my real name? Even I no longer no as it's been so long since I had any reason to use it. Which identity is the real me? I dressed for sucess, I drive the right kind of cars and have a trophy wife wih the requisite 2.3 kids and 1.8 cats plus .973 dog and I'd love to know which is the real me and no, I've not been diagnosed as Schizophrenic but have been as ADHD.
Re: (Score:2)
Got threatened with death the other day here on SlashDot by some Libertardian off-grid idiot simply for pointing out some of the benefits of civilization. Not the first time, although that was the most amusing reason.
Re: (Score:2)
Re: (Score:2)
Meh. I'm in the Seattle phone book, and other than a couple of hate emails absolutely no one in 15 years of posting on Internet forums has actually done anything. I've also gotten several emails sent to me privately by people unwilling to post online but agreeing (and in one case offering to collaborate on a project). More than the hate emails, I think. Of course I don't post places like the neo-nazi or jihadist web sites so YMMV.
Re: (Score:2)
Re: (Score:2)
Wait, what? (Score:2)
You see no issue with the ipad baby sitter which damages mental and physical growth in infants? Implying or claiming that the people pushing for a recall of the device because of its harmful impact are "bad" people?
Your last paragraph is an appeal to emotion, which reads as a complete fabrication (and of course it's 2nd hand, so not verifiable).
Yeah, there are crazy people out there all right. If you were worried about people threatening you, I'm would have to consider that there is at least a bit of delu
Re: (Score:2)
You see no issue with the ipad baby sitter which damages mental and physical growth in infants? Implying or claiming that the people pushing for a recall of the device because of its harmful impact are "bad" people?
Actually I do disagree with giving tablets to infants. I never said I did agree with it, I'm just much more rational about it and think it should be left up to the parents to do the parenting and they should be able to do it, baring sexual or physical abuse, without Joe public coming after them, physically or with child services. The last paragraph is anecdotal and is intended to demonstrate there are real crazies out there. Visit any animal shelter and you'll see the kind of things pets are put through by
Re: (Score:2)
Actually I do disagree with giving tablets to infants. I never said I did agree with it, I'm just much more rational about it and think it should be left up to the parents to do the parenting and they should be able to do it, baring sexual or physical abuse, without Joe public coming after them, physically or with child services.
Since alcohol is often used as a sedative in old school child rearing, we should allow drip feeders to be sold commercially? I'm all for "freedom" and personal responsibility". There is a very clear distinction between allowing companies to profit off of ignorance at the expense of members of society (which must be enforced by regulation), and "freedom and personal responsibility".
The last paragraph is anecdotal and is intended to demonstrate there are real crazies out there. Visit any animal shelter and you'll see the kind of things pets are put through by crazy people. In this case it was a neighbour instead of the owner.
I did not argue about people being crazy. I'm argued that the sample given was irrational, so is not simply anecdotal. It wa
Re: (Score:2)
Since alcohol is often used as a sedative in old school child rearing, we should allow drip feeders to be sold commercially? I'm all for "freedom" and personal responsibility". There is a very clear distinction between allowing companies to profit off of ignorance at the expense of members of society (which must be enforced by regulation), and "freedom and personal responsibility".
I'm not sure I understand what you're getting at here, this seems completely disconnected from anything I/we were discussing. FYI we still use alcohol based products for teething and colic. Read the ingredients on Grape water next time you're at your local pharmacy, hint not the one that says "alcohol free"
In other words, it was the worst kind of lie.
Except it wasn't a lie and the actuation is liable unless you have proof, not that I'd press charges even if I did know who you were. So yeah, that must be award for you...
Re: (Score:2)
It is telling that you don't understand a very clear question. Maybe read it again, because it has nothing to do with medication you would have to purchase at the pharmacy.
There was a specific reasoning for why your fallacy was called the worst kind of lie, try again without using selective reading. Repeatedly ignoring text you dislike is a pattern for maintaining delusion, not discussing reality.
Re: (Score:1, Insightful)
Then maybe, just maybe, you wouldn't want to work for that employer.
Fair enough, but sometimes people are desperate for a job.
I have always thought you should be able to stand behind your thoughts and opinions should you chose to share them publicly.
Why? Either the ideas have merit or they don't. The end.
Re: (Score:2, Informative)
Nice sentiment, but here in the real world, people in general, which make up the vast majority of employers, are petty, vindictive assholes. As a general rule, you want to keep your personal life as separate from your professional life as humanly possible, especially in a job market where choice is a luxury few enjoy.
Re: (Score:1)
Do you seriously think what GP described is a Usian problem?
Re: (Score:2)
Do you seriously think what GP described is a Usian problem?
It's sounds like the AC's problem to me, if the "vast majority" of his bosses are 'vindictive arseholes' then either he's really unlucky, or there's something about him that brings out the 'vindictive arsehole' in people. My guess is that the AC is a young male and as such will generally have problems with any authority figure. OTOH he has a point, I'm not going to light up a joint in the bosses office any day soon.
Totally agree (Score:1)
Indeed. If an employer is going to block you from an interview based on some random and fairly innocuous posting online, he/she is probably quite likely to nail you to the wall for something similarly petty in the workplace. The one difference being that oft-times the people doing the hiring are not necessarily the ones you'll be working with or directly for.
I can't think of too much online that would paint me in a terribly negative light. The worse being when I've called some people on being jerks (notably
Re: (Score:3, Insightful)
I wouldn't want to work for an employer that would consider anything I've said "unacceptable".
Re:I do. (Score:5, Insightful)
If work was something we wanted to do, it wouldn't be work, it would be hobbies. The whole idea of work is that you do something you otherwise wouldn't because people are willing to pay you for it.
Nobody wants to work for a bad employer, but most people want to be without money even less. People work for assholes because they need the money, not because they want to work for assholes.
Maybe I'm an outlier... (Score:3)
I'm willing to take the risk, and I was two decades ago, too. So far, it's paid off. I haven't had too much trouble finding places to work with a minimum of BS. I wasn't terrified when Google put Usenet online - but then, I'd always been polite when expressing my thoughts. If someone wants anonymity so they can be the "asshole", I find I have limited sympathy.
Typical confusion of terms. (Score:2)
You confuse ANY-one and EVERY-one. ANY-one can be rich. ANY-one can do what you did. ANY-one can win the lottery. But if a certain threshold is reached that won't work any more, unless something fundamentally changes in the system (system in a "sciency" meaning), because whatever the current system is it allows only a certain amount of non-standard actions.
Quite the contrary. (Score:2)
Actually, no. You are confusing the two.
The original question was, who uses a real email address to register anywhere? [slashdot.org]. (Rhetorically) implying that "EVERY-one" doesn't, or shouldn't, use their real identity on the Interwebs. I replied, pointing out that that's not the case - there are people that do, in fact, enter discussion with their real identiies.
I didn't claim (a) that "EVERY-one" does that, nor that (b) "EVERY-one" should do that, nor that (c) "EVERY-one" shoul
Can't please everyone (Score:2)
Re: (Score:2)
What makes you think I say any old fool thing that pops into my head, like an anonymous coward? I'm also on Facebook, but I'm careful what I post there, too.
Re: (Score:2)
You're not the one who gets to decide what is unacceptable; prospective employers do. If employers see something that is, to you, completely innocuous or just a tad embarrassing, and they find it offensive or unacceptable, it's not really going to matter how minor you believe it is. Using your real name is just stupid.
I keep getting published under my real name for my inflammatory views, but The Nation keeps ignoring me for a position as their libertarian columnist. Is that what you are talking about?
Re: (Score:2)
Re: (Score:2)
Using your real name is just stupid.
You tell 'em, Pike*!
-
-
-
*just substitute "Steve" if you don't get the reference.
a little to offend everbody, actually (Score:2, Funny)
Those who don't will surely disapprove of you shamelessly displaying your big blue dong all over the internet.
Re: (Score:2)
Re: (Score:2)
To reiterate: "or (in the case of places like Slashdot) made it easy to find my real name"
Re: (Score:1)
I take it your name is Soren Ceror and you were the 171st Soren Ceror to sign up for a gmail account.
Stop invading my privacy! (Score:2)
Re:I do. (Score:5, Funny)
I got my signs reversed trying to explain the link between electricity, magnetism, and Relativity once.
How can you even look at yourself in the mirror? For shame!
Re:I do. (Score:4, Insightful)
However, if you are a social conformist living an entirely unthreatening life, you really have nothing to hide in the first place. People have had good reasons to hide something for as long as there have been governments. Maybe it's something as simple as enjoying a beer (once an illegal practice), or maybe it's something as heroic as protecting a Jew family from extermination, with a lot of grey areas in between, like marring a person that desperately needs to obtain citizenship or helping a girl get an abortion from a dangerous pregnancy in a state that doesn't allow.
The government is not perfect, so it should have perfect reach. Through out history we have benefited from the inability of governments to enforce the law with absolute efficacy. The US wouldn't even exist today if England had the ability to know everything that was being discussed in their territories. And yes, sometimes social progress needs heroes. People who are upfront about their beliefs in open disobedience. Sometimes we need martyrs. But social progress doesn't actually happen there. It happens at home, at the homes of the low profile individual.
Morality is flexible and nuanced but the law is rigid, short-minded and often manipulated by special interests. Between activism and suppression there is a valley of unenforceability. I'll dare to say that valley was the reason the US flourished while Europe fell into totalitarianism.
You need this environment. Even if none of your current opinions are controversial. Because one day yours, or your childrens' opinion won't won't be welcomed by government.
Oy. (Score:2)
See here [slashdot.org].
Re: (Score:2)
So your point is that you have no point? How lame. But honestly that's bullshit. You ARE advocating for apathy here.
Re: (Score:2)
Pointing out that people can successfully choose not to avail themselves of anonymity - that one can choose to express oneself openly despite risks - is simply not the same thing as saying anonymity should be banned, or even that the option for anonymity isn't important. I don't know who you're arguing with, but it isn't me. If you want to start a fight, you'll have to look elsewhere.
Re: (Score:2)
Woah, Dr. Manhattan posts on Slashdot?? I guess that makes sense as you can replicate yourself. Are you banging someone right now too?
Re:Damn! (Score:5, Insightful)
Another thing to remember, it's never really been possible to be truly anonymous when saying something in text. In the days when the printing press was the preferred way, one still had to have trusted people to help print and distribute the words. In early electronic days when dialup was king, there were always phone records and one had to have accounts on bulletin boards, and systems like fidonet kept origination records. In the days of Usenet, messages could at least be tracked back to a newsserver of origin, and assuming that records were kept, the ISP information could be found and then the subscriber account could be identified.
Nowadays, unless the person wants to take the special laptop that's only used for this purpose, with a special add-on wifi adapter, go park next to a public wifi hotspot and use that public connection, being sure to store the equipment far enough away from themselves when not using it for plausible deniability, there's really isn't true anonymity. If one wants to truly remain anonymous, one generally has to not say anything. That's the tradeoff, true anonymity comes at the price of nonparticipation.
Re:Damn! (Score:4, Informative)
But seriously, who uses a real email address to register anywhere?
In this case, members of the Swedish racist party "Sverigedemokraterna". They are trying to paint a picture of them selves as "not racist" and "merely anti-imigration", and the party leadership has adopted a policy of excluding anyone who makes racist statements openly. The "avpixlat" site was officially not associated with the party, but it was an open secret that this was where they vented their true opinions anonymously.
Now the hackers have a list hundreds of names linked to incredibly racist quotes that they will presumably publish one at a time in order to do maximum damage to the party before the elections next year.
A simpler approach (Score:3)
reprehensible (Score:2)
The original topic poster wrote it like what they did was for a good purpose. While I might like journalists to do investigations of politicians I dislike bursting peoples trust in anonymity.
Re: (Score:2)
Demonstrating to the public in general that there is little or no anonymity is much more important than any political agenda. Why leave things 'up' so that specialists can fish around?
Re:A simpler approach (Score:5, Informative)
Actually Expressen are not revealing the identifies of politicians who commented on expressen.se, they are revealing the identities of commenters on racist / xenophobic sites friatider.se and avpixlat.info. The articles and comments on these sites are mostly very harsh, distastefully racist, and written anonymously. They have identified very racist commenters as members of the controversial, Swedish far-right, and most would say racist, party Sverigedemokraterna. The SD-party works hard to portray a more polished image, with for example a "zero tolerance policy on racism", which equates to you might be kicked out if you say or do something too obviously racist. SD has it roots in the 90s far-right racist movement in Sweden (http://www.youtube.com/watch?v=LZWsZyShR_s), and one their mottos is "Sweden for the Swedish". The party is definitely mostly racist, but their official political stance is more xenophobic and social conservative, with a few immigrants joining their ranks complaining, for example, that it is the Somali or immigrants who are the "real problem".
Researchgruppen used a Disqus security flaw to find out which e-mail addresses were behind some of these racist commenters, and are now revealing that behind the nicknames were SD-politicians. So.. This is a big win for Expressen, since the Swedish mainstream media and most Swedes are sworn enemies to Sverigedemokraterna.
And on another note.. Congratulations to Flashback, the quite huge, Swedish, non-profit, ultra-liberal and quite lawless discussion forum, which has absolute free speech and therefore has become illegal to run from Sweden (it's now run from abroad). Flashback has through the years succeeded in keeping their users anonymity safe and freedom to speak total, no doubt without attempts form the Swedish state, police and media to the contrary - since flashback has become the main for hub for discussions about controversial subjects like drugs, racism and much more.
Re: (Score:2)
The articles and comments on these sites are mostly very
harsh, distastefully racist, and written anonymously.
It might do some good to expose the people making that sort of post. Because, often enough, the 'over the top' anonymous comments on ANY forum are posted by opposition-trolls whose whole point is to make the other side look bad to bystanders who read the forum comments.
When you go to Conservative forums, there are obvious fake troglodyte racist posts made anonymously by people on field trip
Re: (Score:2)
Actually no.
Researchgruppen is an ultra-leftist organization, run by people who have committed assaults. They are offering a 50 000 SKR bounty [twitter.com] for someone to hack the Flashback site to de-anonymize their political opponents there.
These "racist" [avpixlat.info] sites are the ones [exponerat.info] which post news without Swedish white pixelization [wikipedia.org] and political correctness. However it is true that there are comments which are negative - just like comments in any media outlet.
What Expressen and Researchgruppen did was that they de-anonymized
Re: (Score:2)
Sorry, no comments (Score:1)
From me here.
anonymous@coward.com
Disqus is evil (Score:5, Insightful)
Re: (Score:2)
its also default blocked by ghostery.
I have noticed more and more sites using it though. Maintaining comments is hard I guess, and people are all outsourcing it. I looked into them because ghostery was blocking them all the time. Seems like a horrible company.
The methos is not uncalled for. (Score:1)
In Europe we have an increasing problem with racism and hate speech, especially on anonymous internet forums. This is one of the few jounalistic method that actually works, so I congratulate Researchgruppen on their success. Most of the haters that were reveiled and confronted this way were politicians from the racist "Sweden Demoncrats" party, but additionally some company execs and other privileged persons were scrutinized.
Re: (Score:1, Informative)
Of course, the swedish definition of "hate speech" is any criticism of radical feminism or the failed principles of multiculturalism.
Re: (Score:2)
Re: (Score:2)
Since it's trivial to engage in that sort of 'Hate Speech' anonymously, it's probably cranks and even opposition figures posting that crap to pollute the otherwise reasonable opinions being expressed on said forums. People who oppose free speech can easily pollute a forum with crap they have no belief in whatsoever.
Since when did Advocacy become a crime? I'd rather have people advocating the things you listed right out in plain view, easy to identify, and avoid. Otherwise you end up with the Fever Swamp
Re:The methos is not uncalled for. (Score:5, Insightful)
Part of the problem is the fact that Europe has been trying to block free speech on it.
I am not supporting racist or care for their ideals. But blocking out hate speech is more dangerous then trying to stop it.
Why?
Because the hate speech goes underground, where there is no sense of the scope of the problem. So the government doesn't understand how big the problem is and unable to do an appropriate protection of the hated groups.
Secondly there isn't a counter dialog going on to discredit the hate logic. So people get this feed of hate in private and told that it is taboo, so they keep it quite, however there isn't anyone pointing out the flaw in their reasoning. So they can create more people who hate.
Free speech is necessary, however it isn't safe or easy.
Re: (Score:1)
Why?
Because freedom of speech is a fundamental right, and 'safety' is less important than freedom?
Re: (Score:2, Interesting)
You make an erroneous assumption that people that have a certain strong view and based on emotions can easily be convinced to sway sides by mere logic and facts. You can't. In fact, they use the "facts" to support their own view and disregard of facts contradicting them. Also, they seek more facts and views supporting what they already believe in. It is called information bias and is nothing new, just seems to have become worse and worse lately.
Re: (Score:3)
No the point isn't as much about convincing the people with the strong views, but to people who didn't have a particular view already.
Re:The methos is not uncalled for. (Score:4, Insightful)
In Europe we have an increasing problem with racism and hate speech, especially on anonymous internet forums.
Which is appropriately countered with more speech.
You were never anonymous (Score:1)
The NSA maintains a log of your comments posted on disqus, facebook, twitter, slashdot, reddit, google+, etc. Do you know why Barack Obama changed his mind about the NSA after he was elected? Do you know why Diane Feinstein doesn't care what they do? Do you know why FISA judges rubberstamp everything they do?
The NSA has files on all of them. Coincidence?
This is why I want Rob Ford for President (Score:2)
All of the conventional politicians are stuck trying to push a phony image in lockstep with Ameircan puritansim -- churchgoing, once-a-month missionary position and nothing more than a weak cup of coffee on a Saturday morning.
Since the lifestyles they actually lead involve mistresses, hookers, cocaine, whisky by the barrel, and all manner of shady business deals and votes-for-cash schemes, they are of course vulnerable to all kinds of blackmail by those who can collect the dossiers.
Rob Ford doesn't care.
Re: (Score:2)
We need more Rob Fords who just don't give a shit and aren't slaves to the petty morality of American culture.
Well, duh. He's just a slave to the petty morality of Canadian culture.
Re: (Score:1)
Do you know why Barack Obama changed his mind about the NSA after he was elected? Do you know why Diane Feinstein doesn't care what they do?
Oh, come on now. Apply Occams Razor.
Diane Feinstein is just totally out of touch stupid.
Barack Obama is a serial narcissist.
Both surround themselves with yes-people who will support anything they believe.
There's no need to weave a grand conspiracy to explain them.
Re: (Score:1)
The 60k people
You're only counting the NSA, which is just one of the 16 organizations inside the US Intelligence Community [wikipedia.org].
You're only counting NSA employees, while private contractors like Snowden make up a large part of their workforce.
Don't get me wrong, I think GP is tinfoil-hatter too, but if you think only 60,000 people are capable of listening to your phone calls then you're terribly naive, considering 854,000 [washingtonpost.com] Americans hold top-secret clearance and that's just one country in the whole-wide world.
Re: (Score:2)
The 60k people listening to phone calls and reading your emails/tweets whatever are supposed to stop atrocities.
And you trust them, despise the fact that every government in history abused its powers?
When the huge net they cast actually catches a bad fish, nobody will ever know.
Nor do I care. Freedom and privacy are more important to me than safety, real or imagined.
Comment removed (Score:3)
Re: (Score:2)
yet freedom of speech gets a good stretch here in america when its true definition was essentially political
Looks like you're enjoying that freedom, too, so not sure why the complaining.
not certain the merit of pin-pointing racists, xenophobes and homophobes in america
Sounds like the pot calling the kettle black. If you really think that you are better, first act that way.
Re: (Score:1)
What about when the "government" can "harass you" because it "doesn't like" that you "said" to a hitman that you want him to kill your wife and you promise money if he does it. TYRANNY!
Re: (Score:2)
There is no "true definition" of freedom of speech.
If you would've paid attention in middle school, you would know that it's pretty well defined in the United States Constitution [wikipedia.org].
Peopel Actaully Use That Shit? (Score:1)
Every time I read some inflammatory piece of click bait that riles me up enough to post a response and the Discuss login pops up, I make a mental note not to return to that site and I close the tab.
Discus is bad for site owners, it gives an external entity control over their sites comments and therefore content.Discus is bad for users because it feeds tracking data about the user to an untrustworthy entity that does not need to be connected to the site.
Anybody that uses that shit deserves what they get. May
Re: (Score:3)
Discus is bad for site owners, it gives an external entity control over their sites comments and therefore content.
I see more webpages outsourcing to Discus, probably because managing comments on webpages is a huge timepit and that is just moderating posts. There is also all the "mechanics" of keeping the lists going. But outsourcing leads to other issues (one of many we all argue about on /.), one is loss of capability and control (i.e. counterfeit chips or backdoors in manufactured systems from China).
Blocked at firewall ... (Score:5, Insightful)
Disqus has been blocked at my firewall for some time.
Not because of this, but because I was seeing it on so damned many sites it's not funny. Which means I didn't trust it to be anything good for me.
There's so much shit on the internet these days that if you're not using cookie/script/beacon blockers you're just handing over your information to a company for profit.
I believe every hacker on the planet should be working to release the private details of every company executive (and their families) involved in this stuff. If our personal information is a commodity, then don't act like yours is any different. Assholes.
Much like Zuckerfuck fiercely protects his privacy while undermining ours, you don't get to choose that your privacy is more important than mine.
Re: (Score:2)
Re: (Score:2)
I'm like Bruce Banner in the Avengers ... My secret is that I'm always angry. ;-)
Good Thing... (Score:2)
... I have a separate e-mail account for commenting on the internet.
Howard Deanonymizes (Score:2)
http://www.youtube.com/watch?v=KDwODbl3muE [youtube.com]
Wait till they disentabgle bitcoin (Score:2)
Re: (Score:1)
Physical trading will be a de-link and the outlaws will use it. It kind of defeats the purpose of using public-key cryptography, but in that regard it's no worse than cash, and there may be some external incentives that push people to choose it.
Disqus is awful awful awful (Score:3)
Lots of sites I frequent use it and it's a *terrible* UI model for browsing and commenting on forums. It's slow, has a clunky UI, lacks features, and even WORSE they scrub comments religiously if you even remotely criticize the parent site or any of its prinicipals. I'm assuming Disqus is presenting hosts with a ridiculously cheap package for anyone to think it's a good idea.
Unless it's another Total Information Awareness tool and they don't *care* about how usable it is...
How it was done: (Score:5, Informative)
Morals of the story:
don't leak hashes.
Salt the data before hashing
Don't trust any website to value your anonymity over their profits.
No (Score:2)
they did get the MD5 hashes from Disqus, from their api.
to know which e-mail address it belongs to, Expressen.se did generate MD5 hashes of all their e-mail addresses that they have in their (e-mail) system.
now they know which hash belongs to which e-mail address and can then continues the search for who his/she is what that specific MD5 hash.
Re: (Score:2)
no I didn't. I sad HOW they got hand of the e-mail addresses.
Re:How it was done: (Score:4, Insightful)
This is particularly disturbing because they should well have known about this. Disqus used (uses?) Gravatar, and Gravatar's failure in this exact same fashion has been previously covered [slashdot.org] and was not even fixed for a long time afterward [slashdot.org] (disclaimer: that AC is me. At least, I think it was. The company I referred to in there did respond to my complaint and fixed it on their side (making Gravatar use opt-in and using a generic 'profile picture' when it wasn't enabled) - not sure if there's statistics on how many people decided to enable it.)
Easy solution (Score:1)
"Deanonymizes"? (Score:1)
disqus is the worst comment system ever (Score:2)
okay, there are facebook comments and g+ comments, too.
Why are sites to stupid to use an own comment system? There are many ready-to-use systems.
https://github.com/django/django-contrib-comments/ [github.com]